(19) 



J 



Europaisches Patentamt 
European Patent Office 
Office europeen des brevets 



EP 1 331 543 A2 



(12) 



EUROPEAN PATENT APPLICATION 



(43) Date of publication: 


(51) IntCI/: G06F 1/00 


30,07.2003 Bulletin 2003/31 


(21) Application number; 03250321.1 




(22) Date of filing: 17.01.2003 




(84) Designated Contracting States: 


• Daanen, Johannes Maria Victo 


AT BE BG CH CY CZ DE DK EE ES Fl FR GB GR 


Redland, Bristol BS6 6PB (GB) 


HU IE IT LI LU MC NL PT SE SI SK TR 


• Cushnie, John 


Designated Extension States: 


Miinthorpe, Cumbria LA7 7DG (GB) 


AL LT LV MK RO 


♦ Brown, Sean 




Harrmton Middlpspy TW12 2BP (GR} 


^301 Priority 1Q 01 2002 GB 0201228 






(~7A\ Rpnrp^pntwtivp' SmiihhR Roh^rt Frpinr*is f»t al 

\ ' ' f I 'wfJI CuCI I Lull V C, wtjUIUMO, 1 lwWV/l L. 1 1 CM 1 IW'li* l CI 1 


(1 "1 ^ Annlippnt* HcwIP'tt-PPickjird Comnflfiv (n Dplawarf* 

w i/ n|j|jiH/aiiii i icviicii r av rvci iu v/uiiiMaiiy ia i/cia vv ci i w 


Hf*wlf k tt-P?ir*lffirH 1 imitpH 

1 IbWICU 1 CM V# l\C« 1 VJ L» 1 1 1 1 1 Lv? SA 


corporation) 


IP Section 


Palo Alto, CA 94304 (US) 


Building 3 




Filton Road 


(72) Inventors: 


Stoke Gifford Bristol BS34 8QZ (GB) 


• Oliver, Huw Edward 




Eastville, Bristol BS5 6DR (GB) 




(54) Access control 




(57) A method of controlling access to playable con- 


performing a matching process to compare the 


tent, the method comprising the steps of 


credentials to the access criteria, and 


receiving a request to access playable content 


allowing access to the playable content is permit- 


(17a) having a plurality of associated access criteria, 


ted if the access criteria are met by a logical combination 


receiving a plurality of credentials, 


of the plurality of credentials, 



CM 
< 
CO 

IX) 

f— 
CO 
CO 




Q. 
LU 



Printed by Jouve, 75001 PARIS (FR) 



1 

Description 

Description of invention 

[0001] This invention relates to a method of control- 5 
ling access to playable content, particularly but not ex- 
clusively for controlling access to content provided over 
the internet. 

[0002] A great deal of information in the form of mul- 
timedia files, hereinafter referred to as "content" is avail- 
able over the Internet. Such content may, for example, 
comprise images, audio or video files, HTML pages, 
text, or any other appropriate form of information as de- 
sired. The content may comprise streamed material, 
such as streamed audio or video information. 
[0003] It is often desirable to control access to con- 
tent, such that, for example, the content cannot be ac- 
cessed by people youngerthan a particular age, or in a 
particular geographical location orotherwise as desired. 
It is known to provide password-protected Internet sites, 
where a password must be supplied by the user to ac- 
cess restricted pages of the site, However, in this situa- 
tion the user must first provide personal details to the 
internet site provider in order to be issued with a pass- 
word, with corresponding privacy concerns. To prevent 
children obtaining access to websites with adult content, 
age verification schemes are known whereby a user 
supplies information, such as credit card information 
and other personal information if requested, to a third 
party credential provider. The third party credential pro- 
viderverifies the information, in particularthe age of the 
user, and issues a password or credential to enable the 
user to access those websites which recognise the 
password supplied by the third party. A similar system 
of providing a credential to authenticate a user's identity 
to allow the user to access a client system without ref- 
erence by the client system to the credential provider is 
known, for example the Kerberos authentication 
scheme, The credential effectively acts as a password 
to a site and in the case of commercial or adult verifica- 
tion credentials, the user may be reported back to the 
third party credential provider for billing purposes. 
[0004] An aim of the invention is to provide a new or 
improved method of controlling access to playable con- 
tent. 

[0005] According to a first aspect of the invention, we 
provide a method of controlling access to playable con- 
tent, the method comprising the steps of receiving a re- 
quest to access playable content having a plurality of 
associated access criteria, receiving a plurality of cre- 
dentials, performing a matching process to compare the 
credentials to the access criteria, and allowing access 
to the playable content is permitted if the access criteria 
are met by a logical combination of the plurality of cre- 
dentials, 

[0006] The associated access criteria may each com- 
prise an indication of a credential necessary to access 
the playable content, 
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[0007] The access criteria may define a set of alter- 
native credentials and the plurality of credentials provide 
at least one of said set of alternative credentials to allow 
access to the playable content. 
[0008] The access criteria may define a set of re- 
quired credentials and the plurality of credentials pro- 
vide each of said required credentials to allow access 
to the playable content. 

[0009] The access criteria may each comprise an in- 
dication of a user characteristic necessary to access the 
playable content and wherein a credential comprises an 
indication of the user characteristic. 
[0010] The credentials may be issued by at least one 
credential provider. 

[0011] The credential may comprise credential pro- 
vider information and the matching process includes the 
step of reading said credential provider information to 
verify the source of the credential. 
[0012] The method may be performed by a content 
provider system, the content provider system being fur- 
ther operable to transmit the playable content in re- 
sponse to the request if the access criteria are met by 
a logical combination of the plurality of credentials. 
[001 3] The playable content may be played by a con- 
tent player, wherein the content player may perform the 
matching process before playing the playable content, 
[0014] The playable content may be a played using a 
content player, wherein the matching process may be 
performed by a trusted software element and wherein 
the content player may be operable to play the playable 
content when authorised by the trusted software ele- 
ment. 

[0015] According to a second aspect of the invention, 
we provide a content provider system operable to supply 
playable content to a user system, the content provider 
system being operable to receive a request from the us- 
er system to access playable content having a plurality 
of associated access criteria, receive a plurality of cre- 
dentials from the user system, perform a matching proc- 
ess to compare the credentials to the access criteria, 
and allow access to the playable content if the access 
criteria are met by a logical combination of the plurality 
of credentials, 

[0016] According to a third aspect of the invention, we 
provide a method of controlling access to playable con- 
tent by a user, the user performing the steps of acquiring 
a plurality of credentials from at least one credential pro- 
vider, requesting playable content from a content pro- 
vider, the playable content having a plurality of associ- 
ated access criteria, and supplying the plurality of cre- 
dentials to a matching process, the matching process 
comprising the step of comparing the credentials to the 
access criteria, the user being permitted to access the 
playable content if the access criteria are met by a log- 
ical combination of the plurality of credentials. 
[0017] The step of acquiring a credential may com- 
prise the steps of the user transmitting a credential re- 
quest to a credential provider and transmitting user in- 
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formation relating to a user characteristic, the credential 
provider performing the steps of comparing the user in- 
formation with a predetermined user characteristic cri- 
terion, generating a credential if the user characteristic 
is in accordance with the predetermined user character- 
istic criterion, and transmitting the credential to the user. 
[0018] The user information may comprise geograph- 
ical information comprising ceil information from a cel- 
lular telephone communication system. 
[0019] The user information may further comprise a 
unique identifier of a mobile communication device. 
[0020] The invention will now be described by way of 
example only with reference to the accompanying draw- 
ings, wherein; 

Figure 1 is a diagrammatic illustration of an embod- 
iment of the present invention 
Figure 2 is a particular configuration of the embod- 
iment of Figure 1 . and 

Figure 3 is a diagrammatic illustration of an appli- 
cation of the embodiment of Figure 2. 

[0021] Referring now to Figure 1, a user system is 
shown at 10, which is connectable to a credential pro- 
vider system 11 and a content provider system 12, The 
user system 1 0 is provided with a content player 1 3, op- 
erable to receive playable content from the content pro- 
vider system 12 and play the playable content by out- 
puting or otherwise displaying the content in a fashion 
accessible to a user, The credential provider system 11 , 
which comprises a trusted provider system, comprises 
a credential generator 14 and a storage medium 15, The 
content provider 12 comprises a validation module 16 
and a content store 1 7 comprising a plurality of playable 
content elements 17a, some or each of which have an 
associated access criterion. 

[0022] The invention works as follows. The user of the 
user system 1 0 wishes to access some playable content 
from the content provider 12, but access to the content 
is in some way limited by the access criterion, for exam- 
ple to people over a certain age. The user system 1 0 is 
not able to access the content store 17 and obtain the 
playable content 17a and/or play the playable content 
1 7a on the content player 1 3 without an appropriate cre- 
dential. To obtain a credential, the user system 1 0 trans- 
mits a request for a credential, together with user infor- 
mation comprising user characteristic information to the 
credential provider system 11, The credential provider 
system 11 may then verify the user information provid- 
ed, and compare the user characteristic information with 
a predetermined user characteristic criterion, For exam- 
ple, the user characteristic information may be the us- 
er's date of birth and the criterion may be "over 18". If 
the criterion is met by the user characteristic informa- 
tion, the credential generator 14 provides a credential, 
which is transmitted to the user system 10, and In this 
example the credential and user information are stored 
in the storage medium 1 5, In this example, a credential 
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comprises a character or data string encoding relevant 
information identifying a particular user characteristic 
and the credential provider system, together with any 
other information as desired, for example the date and 

5 time of generation of the credential and period of validity 
of the credential . It might also be envisaged that the cre- 
dential take the form of a software element or agent, or 
be otherwise implemented as desired. 
[0023] If the user system 1 0 now attempts to retrieve 

10 content from the content store 1 7, the content provider 
system 1 2 requests a credential and the user system 1 0 
can provide the credential generated by the credential 
provider system 11, The validation module 16 performs 
a matching process to compare the credential with the 

15 access criterion associated with the requested playable 
content. If the credential is in accordance with the ac- 
cess criterion, the user system 1 0 is allowed to access 
to the requested playable content 17a. The content pro- 
vider system 1 2 may optionally contact the credential 

20 provider system 11, as shown by dashed line 18 to 
check the validity of the credential, Alternatively, the cre- 
dential may contain sufficient provider credential infor- 
mation in itself that the validation module 16 can check 
the credential without contacting the credential provider 

25 system 11 , For example the credential may contain in- 
formation identifying the credential provider system 11 
and confirming thatthe user of the user system 10 meets 
the predefined access criterion in this example is above 
a certain age. To verify that the credential was provided 

so by the credential provider system 1 1 , the credential pro- 
vider system may have a public key/private key pair in 
conventional manner. The credential may be encrypted 
using the private key in conventional manner and may 
be decrypted using the credential provider system's 

35 publicly available public key, thus confirming the creden- 
tial provider system 11 as the source of the credential. 
Any other authentication or verification means may be 
used as desired, if the validation module 1 6 "trusts" the 
credential provider 1 1 , the validation module 1 6 then ac- 

40 cepts the credential as being genuine. 

[0024] Where a credential is to be supplied to a con- 
tent service provider, the credential may be encrypted 
using the public key of a public/private key pair associ- 
ated with the content provider before transmission by 

45 the user, 

[0025] In the alternative, the content player 13 may 
verify the credential before the content can be played. 
The authentication of the credential may be performed 
in like manner to the verification module 16, and may be 

50 performed for example by trusted software downloaded 
to or embedded in the content player 3, or by trusted 
software embedded in the playable content, 
[0026] The credential provider system 11 is a trusted 
system, in that the user identity information supplied to 

55 the provider system 11 is not tampered with, is suitably 
verified, and is not passed on to third parties. Thus, in 
the example where the credential has to be provided to 
the validation module 16 before the content provider 
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system 12 will provide access to the desired playable 
content, the only information supplied from the user sys- 
tem 1 0 to the content provider system 1 2 is a credential 
which confirms that the user is over a certain age. No 
personal details are supplied to the content provider 
system 12 with obvious benefits to privacy to the user 
of the user system 10. Where no validation Is sent from 
the content provider system 1 2 to the credential provider 
system 1 1 , there will be no single entity able to combine 
details of the playable content accessed using the cre- 
dential and the user information supplied to obtain the 
credential. 

[0027] It might be envisaged that together with the 
credential, other information may be requested without 
recourse to a credential from a third party credential pro- 
vider system, for example where the relevant informa- 
tion does not, for example, constitute an unacceptable 
breach of privacy. The content provider system 1 2 may 
for example require a credential confirming the user is 
greater than a certain age, and an identification number 
from the content player 13 confirming that the player is 
of the right type and version to play the requested con- 
tent. 

[0028] It will be apparent that the present invention is 
not necessarily limited to the supply of a single creden- 
tial, In the example of Figure 2, the user system 10 is 
operable to access the Internet 19 via a telephone net- 
work 20. A plurality of content provider systems 12a, 
12b, 12c, are accessible via the Internet 19, together 
with a plurality of credential provider systems 11a, 11b, 
11c. Each credential provider system 11a, 11b, 11c, may 
provide one or more credentials corresponding to one 
or more predetermined user characteristic criteria. For 
example, the credential provider system 11a may pro- 
vide a credential confirming that the user is above a cer- 
tain age, credential provider system 11b may provide a 
credential confirming that the user is an employee of a 
particular company, and credential provider system 1 1 c 
may provide a credential confirming the geographical lo- 
cation of the user. This latter may be confirmed, by for 
example the user system 10 comprising a global posi- 
tioning system (GPS) system and transmitting the ap- 
propriate geographical Information to the credential pro- 
vider system 11c as part of the user identity information. 
The user system 1 0 will thus be provided with a plurality 
of separate credentials. 

[0029] When the user then wishes to access one of 
the content provider systems 1 2a, 1 2b, 1 2c, the content 
provider system may request any logical combination of 
credentials to meet a set of predefined access criteria. 
For example, a company content provider system may 
only require the company identification credential, whilst 
a streaming video content provider system may require 
the user system 1 0 to transmit both the credential pro- 
viding confirmation of age and the credential confirming 
the geographical location of the user system 10 before 
permitting playable content comprising streamed video 
to be downloaded. 
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[0030] In an alternative as discussed above, the re- 
quested content may be downloaded from a relevant 
content provider system 12a, 12b, 12c, and the content 
player 1 3 may perform a marking step then to verify that 

5 the user system 1 0 has been provided with one or more 
credential from the appropriate credential provider sys- 
tem 11a, 11b, 11c, The credentials may be stored locally 
on the user system 10 in the form of cookies or in any 
other form as desired. 

10 [0031] it will be apparent that this invention provides 
a flexible way of controlling access to playable content 
using a desired set of predefined access criteria. To ac- 
cess the playablecontent, the user may have to possess 
each of a required set of credentials before he may ac- 

15 cess the playable content, or may need to provide at 
least one of a set of alternative credentials or indeed 
provide any appropriate logical combination of creden- 
tials, Credentials may be provided to validate any re- 
quired user characteristic criterion, for example, mem- 

20 bership of an organisation or group, payment creden- 
tials, age, sex, location or any other characteristic as 
desired, Credentials may be single use or may remain 
valid depending on the application. The credential pro- 
vider system 11 may be able to provide credentials for 

25 defined or ad hoc groups. 

[0032] A particular application is shown in Figure 3. 
[0033] Referring to Figure 3, a user system compris- 
ing a mobile communication device is illustrated at 30, 
A credential provider system is shown at 31 and a con- 

30 tent provider system is shown at 32. The mobile com- 
munication device 30 is connected to the Internet 33 via 
a cellular telephone communication system 34, The 
content provider system 32 is accessible via the Inter- 
net. The credential provider system 31 is accessible ei- 

35 therviathe Internet or via the mobile telephone commu- 
nication network 34, The credential provider system 31 
is provided with a credential generator 35 and a storage 
medium 36. The mobile communication device 30 is 
provided with a SIM card or similar element having a 

40 unique identifier, and an authentication module 38 is al- 
so provided on the mobile communications device 30, 
[0034] In this example, it is desired to limit the access 
to content provided by the content provider system 32 
to consumers within a certain geographical area. Incon- 

45 ventional manner, the cellular telephone communication 
system 34 will be aware of the particular cell of the cel- 
lular telephone communication system 39 in which the 
mobile communication device 30 Is located. 
[0035] In this example, the user identity information is 

50 stored in the store 36, and linked with the SIM unique 
identifier of the SIM module 37. To request a credential, 
the user of the mobile communication device 30 can 
contact the credential provider system 31 via the com- 
munication network 34 or Internet 33, supply the SIM 

55 unique identifier and receive a credential relating to a 
desired user characteristic from the credential generator 
35, The credential is then stored in the SIM module 37. 
[0036] When the user desires to use the mobile com- 
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munication device 30 to access playable content from 
the content provider system 32, the mobile communica- 
tion device 30 receives the cell information from the cel- 
lular telephone communication system 34. The authen- 
tication module 38 then combines the credential stored 
in the SIM module 37 with the ceil information received 
from the system 34 and transmits the combined infor- 
mation to the content provider system 32. The content 
provider system 32 may then validate the credential and 
geographical information as discussed with relation to 
the system Figures 1 and 2, and permit or refuse access 
to the content as appropriate. 

[0037] Many users for such a system may be envis- 
aged, such as differential pricing for access to content 
from different geographical areas. 
[0038] Again, it will be apparent that the only informa- 
tion transmitted to the content provider system 32 will 
be the credential supplied by the credential provider sys- 
tem 31 , the geographical information supplied by the 
mobile cellular communication network 34 and address 
information required to transmit the requested playable 
content to the module communication device 30 via the 
Internet 33. If it desired even to withhold the geograph- 
ical information from the content provider system 32, it 
could be envisaged that the request for a credential 
would include the geographical information along with 
the SIM unique identifier. The credential provider sys- 
tem 31 could then generate a credential which confirms 
the general geographical location, for example a region 
or country, such that the specific cell information is not 
transmitted to the content provider system 32. If the ge- 
ographical information comprises specific information 
for example, it will be apparent that a new credential will 
necessarily be required each time the mobile communi- 
cation device 30 moves between cells whereas if the 
authentication module 38 stores a credential which 
combines a general credential and the geographical in- 
formation, then a single stored credential can be used 
in a plurality of cells, The geographical information may 
be encoded or certified as desired to confirm its authen- 
ticity to the credential provider system 31 and/orthe con- 
tent provider system 32 as desired, 
[0039] In the present specification "comprise" means 
"includes or consists of" and "comprising" means "in- 
cluding or consisting of". 

[0040] The features disclosed in the foregoing de- 
scription, or the following claims, or the accompanying 
drawings, expressed in their specific forms or in terms 
of a means for performing the disclosed function, or a 
method or process for attaining the disclosed result, as 
appropriate, may, separately, or in any combination of 
such features, be utilised for realising the invention in 
diverse forms thereof. 



Claims 

1 . A method of controlling access to playable content, 



the method comprising the steps of 

receiving a request to access playable con- 
tent (17a) having a plurality of associated access 
criteria, 

5 receiving a plurality of credentials, 

performing a matching process to compare 
the credentials to the access criteria, and 

allowing access to the playable content is per- 
mitted if the access criteria are met by a logical com- 
10 bination of the plurality of credentials, 

2. A method according to claim 1 wherein the associ- 
ated access criteria each comprise an indication of 
a credential necessary to access the playable con- 
's tent (17a), 

3. A method according to claim 2 wherein the access 
criteria define a set of alternative credentials and 
the plurality of credentials provide at least one of 

20 said set of alternative credentials to allow access to 
the playable content (17a). 

4. A method according to claim 2 or claim 3 wherein 
the access criteria define a set of required creden- 

25 tials and the plurality of credentials provide each of 
said required credentials to allow access to the 
playable content (17a). 

5. A method according to any one of claims 1 to 4 
20 wherein the access criteria each comprise an indi- 
cation of a user characteristic necessary to access 
the playable content (1 7a) and wherein a credential 
comprises an indication of the user characteristic. 

35 6. A method according to any one of the preceding 
claims wherein the credentials are issued by at least 
one credential provider (11), 

7. A method according to claim 6 wherein the creden- 
40 tial comprises credential provider information and 
the matching process includes the step of reading 
said credential provider information to verify the 
source of the credential. 

45 8. A method according to any one of the preceding 
claims wherein the method is performed by a con- 
tent provider system (1 2), the content provider sys- 
tem being further operable to transmit the playable 
content (17a) in response to the request if the ac- 

50 cess criteria are met by a logical combination of the 
plurality of credentials, 

9. A method according to any one of claims 1 to 8 
wherein the playable content (17a) is to be played 
55 by a content player (13) and wherein the content 
player (13) performs the matching process before 
playing the playable content (1 7a). 
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10. A method according to any one of claims 1 to 8 
wherein the playable content (1 7a) is to be a piayed 
using a content player (13), wherein the matching 
process is performed by a trusted software element 
and wherein the content player (13) is operable to 5 
play the playable content (1 7a) when authorised by 
the trusted software element. 

11. A content provider system (12) operable to supply 
playable content to a user system (10), the content w 
provider system (12) being operable to 

receive a request from the user system (10) 
to access playable content (17a) having a plurality 
of associated access criteria, 

receive a plurality of credentials from the user 15 
system (10), 

perform a matching process to compare the 
credentials to the access criteria, and 

allow access to the playable content (17a) if 
the access criteria are met by a logical combination 20 
of the plurality of credentials. 

12. A method of controlling access to playable content 
by a user, the user performing the steps of; 

acquiring a plurality of credentials from at 25 
least one credential provider (11), 

requesting playable content (1 7a) from a con- 
tent provider (1 2), the playable content having a plu- 
rality of associated access criteria, 

and supplying the plurality of credentials to a so 
matching process, 

the matching process comprising the step of 
comparing the credentials to the access criteria, 

the user being permitted to access the playa- 
ble content (1 7a) if the access criteria are met by a 35 
logical combination of the plurality of credentials. 

13. A method according to claim 12 wherein the step of 
acquiring a credential comprises the steps of; 

the user transmitting a credential request to a 40 
credential provider (11) and transmitting user Infor- 
mation relating to a user characteristic, 

the credential provider (11) performing the 
steps of comparing the user information with a pre- 
determined user characteristic criterion, 45 

generating a credential if the user character- 
istic is in accordance with the predetermined user 
characteristic criterion, and 

transmitting the credential to the user. 

50 

14. A method according to claim 13 wherein the user 
information comprises geographical information 
comprising cell information from a cellular tele- 
phone communication system (34). 

55 

15. A method according to claim 14 wherein the user 
information further comprises a unique identifier of 
a mobile communication device (30). 
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